Working from nine to five in an office is
no longer the way that many people make a living. The use of advanced
technology is now a way of life and affords us many more options. Employees
work remotely more often than they used to—from home, on business trips, or
whilst servicing facilities or customers in the field—and now expect to be able
to access the corporate network via mobile devices. In a bid to improve
productivity and achieve cost savings, organisations are also increasingly
opening up their networks to business partners, suppliers and, in some cases,
to customers. As well as this, very little business is conducted today from
just one single isolated geographic location.
The need to provide remote access to
centralised information technology resources can create headaches for those in
charge—especially since much of this traffic can be reliant on insecure
communications channels, and the internet in particular. In today's highly
regulated world, organisations are under considerable pressure to prove that no
one has tampered with their computer networks, or the data that they carry.
This means that remote access is now a fact
of life, but is not always easy to administer or manage. When organisations
first started providing remote access to their employees with internet access
in the mid-1990s, the most common form of connection was via a dial-up service,
with access control mainly addressed by a user name and password combination.
For some organisations, it made sense to develop proprietary solutions using
leased lines to connect different office locations, but this is an expensive
Today, virtual private network (VPN)
technologies have emerged as the solution of choice for achieving remote access
needs. And among these, two flavours of VPNs have emerged as the favoured
technologies—secure socket layer (SSL) and internet protocol security (IPSec)
VPNs. SSL VPNs require just a browser on the client to be set up remotely and
are therefore suitable for connecting large numbers of remote users for casual
or ad hoc access. However, they are generally only useful for accessing
web-enabled applications, unless specific application programming interfaces
(API) have been written for enterprise applications such as customer
relationship management systems. This means that they are not a full remote
access solution in most cases.
IPSec VPNs, on the other hand, can be used
to access any applications running on a network and can provide the user with
the same experience as if they were physically located in the office. But IPSec
VPNs have traditionally had large management and administrative overheads
associated with them as they relied on the manual installation of software
agents on each device needing access, which
is costly in terms of the resources and time required to set them up and keep
them running. Although the most commonly used type of VPN, especially for
branch-to-branch communications, it was difficult to make such deployments
scale to more than about 100 users.
To address these problems, IPSec VPN
vendors have added many new features to their products, resulting in the
development of a new generation of IPSec VPNs that streamline many of the
management headaches associated with deployments in large complex environments.
Among the features that make them easier to manage are the provision of
centralised management capabilities that provide one single point of
administration for setting up, managing and maintaining deployments. This
allows organisations to manage large, complex deployments with just a handful
of administrative resources, saving greatly on associated costs.
Not only is the new generation of IPSec
VPNs easier and more cost effective to manage than earlier versions of the
technology, but there are also a number of other added features that will make
them attractive for a wide range of organisations in terms of the ability to
improve their security procedures associated with remote access and to help
them achieve regulatory compliance objectives such as data protection. Among security
features that are now available in newer technologies are the inclusion of
personal firewalls for each device under management, which not only handle the
security settings, but make sure that users are prevented from tampering with
security controls that have been set. They also enable checks to be made on the
security levels applied to each endpoint under management and can enforce that
the correct security tools are deployed on each machine, according to set policies.
Use of a centralised RADIUS (remote access dial-up service) server that ties
remote access authentication to backend databases such as LDAP and that logs
all access attempts for reporting purposes helps greatly in ensuring that users
can access only those applications to which they have been assigned rights.
But security is only as good as its weakest
link, so an IPSec VPN deployment needs to provide coverage for all systems and
devices used by organisations today, including databases, enterprise
directories and devices that allow mobile networking—as well as extending
coverage to new forms of technology as they emerge. For example, since
operating systems are used for accessing the applications that users need, the
ideal IPSec VPN will provide broad support for such systems, including Linux
and Microsoft Vista, both 32 and 64-bit versions, as well as for operating
systems used by mobile devices, such as Symbian and Windows Mobile.
One further piece of the puzzle is that, in
order to ensure that corporate data is protected and that all actions can be
tied to individual perpetrators, full logging and reporting capabilities are
required for use in security audits. With next-generation IPSec VPNs, all
events are automatically logged and the reports are communicated to the central
administration point for use by management.
With these new capabilities, IPSec VPNs
have finally come of age. Until recently, VPN solutions on the market were
unwieldy and difficult to manage in the case of IPSec, or provided only limited
levels of access in the case of SSL. Now, this new generation of IPSec VPNs can
provide highly secure remote access in a wide range of scenarios at a much
lower overall cost in terms of administration, management and maintenance than first-generation
products. The headaches associated with managing large-scale IPSec VPN
deployments are now a thing of the past.
report The essential elements of secure remote access is free for download here.